LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 01-05-2006, 12:39 PM   #16
alaskazimm
Member
 
Registered: Mar 2004
Location: Watching it snow in bush Alaska
Distribution: *ubuntu, Smoothwall, WinXP Pro
Posts: 126

Rep: Reputation: 15

That twas Mark Twain.
 
Old 01-05-2006, 12:55 PM   #17
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 53
I don't see why a virus would not exist on Linux...
Under windows you can also run as an unpriviledge user and only run a few things with runas as admin.

To me why there are no known virus under Linux is because:
-> The user is a bit more clever
-> There are less Linux desktop running

To make things clear, I am a Linux addicted, don't get me wrong

Or am I fortunatly wrong?
 
Old 01-05-2006, 04:54 PM   #18
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
Linux viruses aren't, or wont be wide spread for a few reasons.

First off, most viruses are just stupid scripts, and expect the system to be laid out in a certain way, most distros differ in their layout, some by a little, others by a lot. So a virus would have a harder time trying to change system files, if it doesnt know where they are.

Simular to the reason above, viruses that are binary code would have a bit of a problem. If they make use of libraries, those libs might not be present, or they might be a different version, or the distro was compiled with some weird options that makes the libraries unacessable to the binary virus.

Those 2 reasons would limit a virus to a specific disto, or to a subset of all the distros.

Viruses need to be activated by users normally, in any case, on a proper system, the virus could only be installed and run under the current user. This leaves the virus with a small problem if the current user cant be used to spread itself. Assuming the virus had no intention of spreading by the network (due to a firewall blocking email traffic normal users, or something so it cant use the network like it wants to), but instead install a rootkit of sorts, you still need to install that rootkit. The virus would need to exploit a hole in the kernel to get root privs (without the user knowing). This alone would be a hard task, patches could be coming fast, but once the virus becomes root, it can install a rootkit and backdoor.

Other ways to get root would be for the virus to "use" a root-running service, with the intent to hyjack that program/service while its running. This would be very hard on secure systems, where no service is run as root, or at least they run in a jail so they cant kill the rest of the system.

both exploit routes would require certain versions of programs/kernels be installed, as its likely that a exploit would only work in a certain number of versions. On top of that, secure systems would have extra kernel patches to prevent unknown software from running, and possibly other security patches to make any root-getting exploit harder.

Granted most systems wouldn't be as secure as i say here, but a virus would still be limited to just a subset of all the linux distros, due to layout issuses/security in distros/some custom obfuscations to make it harder.

The smarter viruses would probably be perl/php/python/some script so it can run on any system with that package installed. A smart virus might even be able to scan your system files to find what it wants to change. But, your still left with the small problem of that pesky privs problem, so its not like total morons are going to be making linux/bsd viruses on the mass scale (percentage wise, of the total linux/bsd base) anytime soon. And in the future, the scripting languages might even be protected from users that dont need to use them, making it harder for viruses to spread easily.
 
Old 01-05-2006, 06:16 PM   #19
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Quote:
Originally Posted by SciYro
Linux viruses aren't, or wont be wide spread for a few reasons.
[...]
viruses that are binary code would have a bit of a problem. If they make use of libraries, those libs might not be present, or they might be a different version, or the distro was compiled with some weird options that makes the libraries unacessable to the binary virus.
What kind of libraries? OpenSSL? libpcap?
The most obvious is glibc, but real viruses are coded in assembler and it's trivial to make them use system calls instead.

I think the main reason that viruses aren't normally written for Unix environments is that it's a waste of root privileges. It'd be better to install a backdoor and make the box part of a zombie network to conduct more attacks.

The most obvious line of defense is to never run browser, media players, image viewers and even archive decompressors with the root account. These image exploits are a nasty thing. This, and tripwire will make your box secure to trojans & viruses.

Quote:
Viruses need to be activated by users normally
If you run any of the programs mentioned above, if they're exploitable, then it'd be automatic... If you run them as root, then they could deactivate the firewall, etc...

Quote:
both exploit routes would require certain versions of programs/kernels be installed, as its likely that a exploit would only work in a certain number of versions.
The current infrastructure of metasploit is an example of the abstraction that may be possible in future exploits that wouldn't need to contain the whole menu... It could just download shellcode and apply it.

Viruses simply can't breathe as they can in Windows environments. There are worse specimens than viruses for Unix...
 
Old 01-05-2006, 07:30 PM   #20
BajaNick
Senior Member
 
Registered: Jul 2003
Location: So. Cal.
Distribution: Slack 11
Posts: 1,737

Rep: Reputation: 46
Quote:
Originally Posted by yenonn
No, It does not true.
 
Old 01-05-2006, 10:46 PM   #21
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,425

Rep: Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159Reputation: 1159
Most infestations that I have seen use some vulnerability in a running service that is running as root, which on standard Linux/Unix systems is necessary only to open TCP/IP port-numbers lower than #1024. Or, the user is very careless with passwords and a dictionary attack succeeds.

In any case, I think it safe to say that the Linux community at large is not categorically "careless." If you use Linux at all at this point, you probably know a fair bit more than the common-bloke about computers!

The Windows community at-large, per contra, is categorically uninformed. (Not clueless, not by any means stupid, but seriously uninformed.) And there are millions of machines out there where privilege escalation is simply not required: everyone runs everything as "root."

I do expect this to change. Microsoft recently shipped a security-wizard which does a pretty darned good automated job of locking-up some of the common holes in (at least) Server systems ... this being where I first encountered it; I don't know how widespread it's being shipped. These people are not stupid and their system is not brain-dead; I expect "security" to be rolled out with much fanfare .. oh, about x+2 years from now, where it will be proudly called a "feature" and the Gartner Group will dutifully sing its praises.
 
Old 01-06-2006, 12:06 AM   #22
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
actually, you can set the kernel so other users/programs can use the lower TCP ports. I think its possible somewhere in the /proc mess, but also by using RSBAC to set root capabilities on individual programs (like giving them acess to the lower TCP ports, but not root acess to the file system). It can also be used to limit programs that run as root, or even limit root itself, or to make other users "root". So theres little need to run services as root at all, or at least not with full root privs.
 
Old 01-06-2006, 12:22 PM   #23
Charred
Member
 
Registered: Mar 2005
Location: Utah, USA
Distribution: Slackware 11
Posts: 816
Blog Entries: 2

Rep: Reputation: 30
Quote:
Originally Posted by alaskazimm
That twas Mark Twain.
That's right. Thanks alaskazimm!
 
Old 01-07-2006, 12:05 AM   #24
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Quote:
Originally Posted by bigearsbilly
does it?
evidence?

I've never ever ever had one, well not one that does anything I know about like pop-ups porn
CPU usage, adware, ethernet usage, or any out of the way behaviour at all.
So maybe I've had one that doesn't do anything at all.

Have you ever had one?
Do you know anyone who as ever had one?

Just interested.
We've had several threads in the security forum where people had systems infected with Linux viruses. Cracking tools are commonly found to be infected with things like Linux-RST. In fact even a Korean Mozilla binary was recently found to be infected (see Sept 21 entry):

http://www.mozilla.org/security/

//Has some on disk downstairs
 
Old 01-07-2006, 12:48 AM   #25
llmmix
Member
 
Registered: Jun 2005
Posts: 73

Rep: Reputation: 15
Huh? linux is so opened to scare virii/rootkit.
Don't be afraid to be hacked, then will waste time to experience something new..
 
Old 01-08-2006, 03:10 PM   #26
efi
LQ Newbie
 
Registered: Nov 2004
Location: Athens,Greece
Posts: 30

Rep: Reputation: 15
Linux is not as vulnerable as Windows but it is a stable and secure system ,and this the main reason why people switch.This article does not describe the main differences of all the systems it names.
 
Old 01-08-2006, 08:25 PM   #27
yenonn
Member
 
Registered: Feb 2003
Location: Malaysia
Distribution: Redhat 8.0, 9, Slackware 9.1
Posts: 511

Original Poster
Rep: Reputation: 30
http://www.zdnet.com.au/news/securit...9231787,00.htm

here is another to clarify
 
Old 01-09-2006, 09:13 AM   #28
bigearsbilly
Senior Member
 
Registered: Mar 2004
Location: england
Distribution: FreeBSD, Debian, Mint, Puppy
Posts: 3,298

Rep: Reputation: 175Reputation: 175
Quote:
Originally Posted by Capt_Caveman
We've had several threads in the security forum where people had systems infected with Linux viruses. Cracking tools are commonly found to be infected with things like Linux-RST. In fact even a Korean Mozilla binary was recently found to be infected (see Sept 21 entry):
Looked at the mozilla report.

Still not convinced there's a serious threat to me.

Sounds more like a trojan to me anyway, depends upon user downloading and installing it.
Not just sitting there like a dos user and then wham-o.

All though people like symantec, norton etc. try scaremongering a bit
(maybe a fearful populous is in their interest?)

All I say is, don't lose sleep.
 
Old 01-13-2006, 05:47 PM   #29
fdigiov
LQ Newbie
 
Registered: Jan 2006
Posts: 3

Rep: Reputation: 0
"Still not convinced there's a serious threat to me" yep
 
Old 01-13-2006, 09:01 PM   #30
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Looked at the mozilla report. Still not convinced there's a serious threat to me.
You might feel different if you were a native Korean speaker who had to rebuild his system...

Sounds more like a trojan to me anyway, depends upon user downloading and installing it.
Not just sitting there like a dos user and then wham-o.

It's an ELF infector which distinguishes it from a trojan according to most definitions. Run it on your system and it will infect all executables it has write access to in that dir and in /bin. If you want to make up your own definitions, then that's fine and I'm not going to argue over the semantics of it.

All though people like symantec, norton etc. try scaremongering a bit (maybe a fearful populous is in their interest?) All I say is, don't lose sleep.
I'm not suggesting they're some huge threat. You asked for evidence of their existence and seemed to suggest they don't. They clearly do and IMHO walking around saying they don't exist does as much of a disservice as fear-mongering. Having knowledge allows people make informed decisions for themselves. You don't think viruses are a serious threat, great, honestly I really don't either...I think there are much more important threats out there for people to worry about, but that still doesn't change my point.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
if linux becomes popular, won't it become more vulnerable than windows lynchpin9 Linux - Security 8 01-25-2006 06:24 AM
Linux servers were the most vulnerable????? xgreen Linux - Security 12 02-23-2004 08:55 PM
How vulnerable is Linux Vincent_Vega Linux - Security 7 01-18-2004 07:44 AM
SpyWare - Linux/UNIX system vulnerable? cmf5150 General 5 01-16-2004 08:25 PM
in what way is Linux less vulnerable than Windows? ryancw Linux - Newbie 18 10-10-2003 04:45 AM


All times are GMT -5. The time now is 12:00 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration